<?php defined('SYSPATH') or die('No direct script access.');

class Controller_BoAdmin extends Controller_Layout {

	public $secure_actions = array('index'=>'','password'=>'','changepassword'=>'');
	
	public $auth_required = TRUE;

	function action_index(){
		if($this->logged_in()!= 0){
			Request::instance()->redirect('boSupplier');
		}else{
			$view = View::factory('pages/bo/login');
			$this->request->response = $view;
		}
 	}

	function action_login(){
		
		$content = View::factory('pages/bo/login');

		#If there is a post and $_POST is not empty
		if ($_POST)
		{
			#If user already signed-in
			if($this->logged_in()!= 0){
				#redirect to the user account
				Request::instance()->redirect('boSupplier');
			}
			#Instantiate a new user
			$user = ORM::factory('user');
				
			$array = $user->validate_create($_POST);

			if ($array->check()) {
				// Attempt to load the user
				$loginUser = ORM::factory("user");
				$loginUser = $loginUser->where('username', '=', $array['username'])->find();

				if ($loginUser->loaded() AND $this->checkPassword($loginUser->password , $array['password']))
				{
					$this->setSession($loginUser);
					Request::instance()->redirect('boadmin');
				}else {
					$msg = '用户或者密码有误，请输入正确的用户名密码';
				    $this->gotopage($msg,'boadmin/login');
				    return ;
				}
			}
			$msg = '用户或者密码有误，请输入正确的用户名密码';
		    $this->gotopage($msg,'boadmin/login');
		    return ;
		}
		$this->request->response = $content;

	}
	
	function action_password() {
		$view = View::factory('pages/bo/change_password');
		$this->request->response = $view;
	}
	
    function action_changepassword() {
		$view = View::factory('pages/bo/change_password');
		$user = $this->get_user();
		if ($_POST)
		{
			$post = $user->validate_create($_POST);
			if ($this->checkPassword($user->password , $post['password'])) {
				$user->password = $this->hash_password($_POST['new_password']);
				$user->save();
				$this->logout(true);
				$msg = '密码修改成功，请重新登录';
				$this->gotopage($msg,'boadmin/login');
				return ;

			}
			$msg = '你输入的原始密码有误,请输入正确的密码';
		    $this->gotopage($msg,'admin/password');
		}
	}
	
	function action_logout(){
		if($this->logout(true)) {
			echo "logout success!";
			Request::instance()->redirect('boadmin/login');
		}
	}
	
	function checkPassword($password,$loginPassword) {
		$salt = $this->find_salt($password);
		return $password == $this->hash_password($loginPassword,$salt);
	}
	
	function setSession($user) {
		$this->session= Session::instance();
		// Regenerate session_id
		$this->session->regenerate();

		// Store username in session
		$this->session->set($this->_config['session_key'], $user);
	}
	
	
   function logout($destroy = FALSE, $logout_all = FALSE)
	{
		if ($destroy === TRUE)
		{
			// Destroy the session completely
			$this->session->destroy();
		}
		else
		{
			// Remove the user from the session
			$this->session->delete($this->_config['session_key']);

			// Regenerate session_id
			$this->session->regenerate();
		}

		// Double check
		return ! $this->logged_in();
	}
	
}